Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  About PAM-CMN-5410

    Posted Apr 10, 2023 03:46 AM
    HI,
     
    Environment:
    CA Privileged Access Manager 4.0.2.203
     
    Question:
    When my customer tried to login to PAM client using a non-super user(the user has a Standard User Role.),
    they saw the following warning message.
    WARNING: PAM-CMN-5410 archival period is set to more than 60 days-this may slow down the system.Consider changing it to 60
     
    The warning message should be showed only when we try to login to PAM client using super user or even if we use non-super user, the warning message should be showed.
    Which is correct?
     
    Best regrads,
    Marubun


  • 2.  RE: About PAM-CMN-5410

    Broadcom Employee
    Posted Apr 10, 2023 02:02 PM

    Hello, This message should be shown on the dashboard only. Access to the dashboard implies that the user has more than a standard user role. If you indeed see this for a user that only has a standard user role, please open a case with PAM Support and provide screenshots of the user role configuration and the messages the user sees. Such messages are meant to be seen by any users with dashboard read access and a configuration manager role. This includes, but is not limited to, the super user and any other global administrator.


    Original Message


  • 3.  RE: About PAM-CMN-5410

    Posted Apr 10, 2023 07:33 PM
    HI Ralf
     
    Thank you for your reply.
    >Access to the dashboard implies that the user has more than a standard user role. 
    When my customer tried to login to PAM client using a non-super user(the user has a STANDARD USER ROLE.),
    they saw the following warning message.
    So I understand that the behavior is design.
     
    Thanks,
    Marubun

    Original Message


  • 4.  RE: About PAM-CMN-5410

    Broadcom Employee
    Posted Apr 10, 2023 07:50 PM
    Edited by Ralf Prigl Apr 10, 2023 07:53 PM

    Hi, as mentioned previously, a standard user with no other role should NOT see this message, that would NOT be behaving as designed. Keep in mind that users inherit roles from user groups. Maybe the affected user is member of a group that has a configuration manager role. If you are sure that the user only has a standard user role with no access to the dashboard and still sees this message, please raise a case with PAM Support and provide supporting screenshots.


    Original Message


  • 5.  RE: About PAM-CMN-5410

    Posted Apr 10, 2023 07:58 PM

    HI Ralf,

    Thank you for your reply.
    If the user had only Standard role, I understood that the message should not be showed.

    Marubun


    Original Message